From 1681942fb1d72f5abd66e61a843b32792b463f90 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?R=C3=A2u=20Cao?= <raucao@kip.pe>
Date: Wed, 26 Jul 2023 14:15:22 +0200
Subject: [PATCH] Migrate static website to openresty

---
 nodes/draco.kosmos.org.json                   |  2 ++
 site-cookbooks/kosmos_website/metadata.rb     |  2 +-
 .../kosmos_website/recipes/default.rb         | 23 +++++--------------
 .../templates/nginx_conf_website.erb          |  8 +++----
 4 files changed, 12 insertions(+), 23 deletions(-)

diff --git a/nodes/draco.kosmos.org.json b/nodes/draco.kosmos.org.json
index a73127d..fba9fb1 100644
--- a/nodes/draco.kosmos.org.json
+++ b/nodes/draco.kosmos.org.json
@@ -43,6 +43,8 @@
       "kosmos_drone::nginx",
       "kosmos_rsk::nginx_testnet",
       "kosmos_rsk::nginx_mainnet",
+      "kosmos_website",
+      "kosmos_website::default",
       "kosmos_encfs",
       "kosmos_encfs::default",
       "kosmos-ejabberd::firewall",
diff --git a/site-cookbooks/kosmos_website/metadata.rb b/site-cookbooks/kosmos_website/metadata.rb
index bf45804..8c96a5d 100644
--- a/site-cookbooks/kosmos_website/metadata.rb
+++ b/site-cookbooks/kosmos_website/metadata.rb
@@ -7,5 +7,5 @@ long_description 'Configures the main kosmos.org website'
 version '1.0.0'
 chef_version '>= 15.10' if respond_to?(:chef_version)
 
-depends "kosmos-nginx"
 depends 'git'
+depends "kosmos_openresty"
diff --git a/site-cookbooks/kosmos_website/recipes/default.rb b/site-cookbooks/kosmos_website/recipes/default.rb
index d90cd94..433c9d9 100644
--- a/site-cookbooks/kosmos_website/recipes/default.rb
+++ b/site-cookbooks/kosmos_website/recipes/default.rb
@@ -3,20 +3,16 @@
 # Recipe:: default
 #
 
-include_recipe "kosmos-nginx"
 include_recipe "git"
 
 domain = node["kosmos_website"]["domain"]
 
-nginx_certbot_site domain
-
-directory "/var/www/#{domain}/site" do
-  user node["nginx"]["user"]
-  group node["nginx"]["group"]
-  mode "0755"
+tls_cert_for domain do
+  auth "gandi_dns"
+  action :create
 end
 
-git "/var/www/#{domain}/site" do
+git "/var/www/#{domain}" do
   user node["nginx"]["user"]
   group node["nginx"]["group"]
   repository node["kosmos_website"]["repo"]
@@ -24,16 +20,9 @@ git "/var/www/#{domain}/site" do
   action :sync
 end
 
-template "#{node["nginx"]["dir"]}/sites-available/#{domain}" do
-  source "nginx_conf_website.erb"
-  owner node["nginx"]["user"]
-  mode 0640
+openresty_site domain do
+  template "nginx_conf_website.erb"
   variables domain: domain,
             ssl_cert: "/etc/letsencrypt/live/#{domain}/fullchain.pem",
             ssl_key:  "/etc/letsencrypt/live/#{domain}/privkey.pem"
-  notifies :reload, "service[nginx]", :delayed
-end
-
-nginx_site domain do
-  action :enable
 end
diff --git a/site-cookbooks/kosmos_website/templates/nginx_conf_website.erb b/site-cookbooks/kosmos_website/templates/nginx_conf_website.erb
index 1ac08bf..0eb9f81 100644
--- a/site-cookbooks/kosmos_website/templates/nginx_conf_website.erb
+++ b/site-cookbooks/kosmos_website/templates/nginx_conf_website.erb
@@ -1,12 +1,11 @@
-<% if File.exist?(@ssl_cert) && File.exist?(@ssl_key) -%>
 # Generated by Chef
 
 server {
-  listen 443 ssl http2;
-  listen [::]:443 ssl http2;
   server_name <%= @domain %>;
+  listen <%= "#{node['openresty']['listen_ip']}:" if node['openresty']['listen_ip'] %>443 ssl http2;
+  listen [::]:443 ssl http2;
 
-  root /var/www/<%= @domain %>/site/public;
+  root /var/www/<%= @domain %>/public;
 
   access_log off;
   gzip_static on;
@@ -29,4 +28,3 @@ server {
     proxy_pass https://accounts.kosmos.org;
   }
 }
-<% end -%>